<DKIM> Emails might go to GMail's SPAM folder

Nicolas Sebrecht nicolas.s-dev at laposte.net
Thu Feb 4 14:17:42 UTC 2016 

On Thu, Feb 04, 2016 at 10:17:45AM -0300, Raphaël wrote:
> Just got this reply from Laposte (going slightly off-topic for offlineimap) :
> 
> > Bonjour
> > Nous vous remercions pour votre conseil et allons étudier cette question
> > attentivement.
> > Nous étudions également le projet Authenticated Received Chain (ARC)
> > Référence : https://tools.ietf.org/html/draft-andersen-arc-00
> ==
> > hi, thanks, we'll have a look at this.
> > We're also studying ARC: https://tools.ietf.org/html/draft-andersen-arc-00

Ok. You're more lucky than me. I've followed the procedure online by
filling their web form. Still had no response. I expect to have a
response.

I didn't know ARC but AFAICT, this is not the point. From my quick
overview, I can't find how this can help.

Thanks to let me know. ,-)

> still about DMARC
> A receiving email server implementing DMARC is not given other choice
> than respecting the originating server DKIM policy.
>
> That's the point of DMARC.
> Here, google respects a (somehow partial) RFC that laposte.net
> implements too strictly/blindly.
> 
> Accepting that a user could override DKIM decision is like disabling
> part of the DKIM-spec marking "From:" unvalidated (and permitting an
> attacker could tamper with the From: header, or at least this value of
> From: header).

Yes, that's exactly my point. IMHO, DMARC get things wrong by not
allowing users to configure what they want. AFAIK, Google is one of the
leaders of DMARC.

> Also possible, it's probably not something most DKIM implementations
> permit out-of-the-box (since is far, if not contrary, to the
> specifications).

Yes, that's true. I think no provider allow tuning of DKIM policies.

> All of that does not explain SPAM issues of laposte.net for individual
> email that are frequently experimented (blacklisting sometimes happened
> too), but nowadays email headers are quite verbose.

Plain true. However, I can see a significant difference between
laposte.net and Gmail: while laposte.net has far less ressources, they
are responding in few days while the leader compagny did not answered
about this same issue for years, and still doesn't have. If they think
they are not responsible, they should explain their POV to the users.

I do think that leaders should be more concerned about users issues and
how to improve things. In fact, what we can see is the opposite. They
decide by themselves what's good for the users without taking their
account into consideration.  (Sadly, Google is not an exception and this
tend to be true for all the leading compagnies.)

Technically speaking, you're plain true: laposte.net probably has a real
responsability in this issue. At least, that's what I'm seeing, too. I
don't want to blindly ignore your point.  DKIM must be correctly set on
the sender side. Otherwise, this can't work fine.

OTOH, we can't get a full understanding on what's hapenning while
ignoring the context. Leaders decide what's the next technology to use,
how to implement it and how to use it.

In this case, DMARC is failing. The sender/receiver my have things
broken. This could happen to anybody. Having to wait for an answer of a
compagny without being able to tune the filters of the mail provider is
where things really hurt.

-- 
Nicolas Sebrecht

More information about the OfflineIMAP-project mailing list